PT-2019-9280 · Yzmcms · Yzmcms
Twohub
·
Published
2019-06-20
·
Updated
2019-06-20
·
CVE-2018-16247
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
YzmCMS version 5.1
Description
The issue is related to a Cross-Site Scripting (XSS) problem. It occurs via the
title parameter in the admin/system manage/user config add.html page.Recommendations
For YzmCMS version 5.1, avoid using the
title parameter in the admin/system manage/user config add.html page until a fix is available. As a temporary workaround, consider restricting access to this page to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yzmcms